package org.springlayer.core.flowable.service;

import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.flowable.idm.api.Group;
import org.flowable.idm.api.IdmIdentityService;
import org.flowable.idm.api.Privilege;
import org.flowable.idm.api.Token;
import org.flowable.idm.api.User;
import org.flowable.ui.common.model.GroupRepresentation;
import org.flowable.ui.common.model.RemoteGroup;
import org.flowable.ui.common.model.RemoteUser;
import org.flowable.ui.common.model.UserRepresentation;
import org.flowable.ui.common.security.FlowableAppUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ReflectionUtils;

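/**
 * Signs the current HTTP request in to the Flowable UI as the built-in {@code admin} identity and
 * issues the {@code FLOWABLE_REMEMBER_ME} cookie for it.
 *
 * <p><b>Security review notes</b>
 * <ul>
 *   <li>{@link #initLoginUser} performs no credential check of its own: every request that reaches
 *       it receives an {@code admin} security context and a 31-day persistent token. Whatever
 *       exposes this method must already have authenticated and authorised the caller. That
 *       caller is not visible in this file, so confirm it.</li>
 *   <li>When the {@code admin} user is missing, it is created with a hard-coded password and the
 *       full privilege set. The literal is kept so existing deployments keep working; move it to
 *       externally supplied configuration and rotate it.</li>
 *   <li>The cookie's {@code Secure} flag is derived from the {@code X-Forwarded-Proto} request
 *       header. That is only trustworthy when a reverse proxy always overwrites the header.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:org/springlayer/core/flowable/service/MyCurrentUserService.class */
public class MyCurrentUserService {
    private static final Logger logger = LoggerFactory.getLogger(MyCurrentUserService.class);

    /** Identity that every caller of {@link #initLoginUser} is logged in as. */
    private static final String ADMIN_USER_ID = "admin";

    /** Name of the remember-me cookie written by {@link #setCookie}. */
    private static final String REMEMBER_ME_COOKIE = "FLOWABLE_REMEMBER_ME";

    /** Cookie lifetime in seconds: 31 days (31 * 24 * 60 * 60). */
    private static final int COOKIE_MAX_AGE_SECONDS = 2678400;

    @Resource
    private IdmIdentityService idmIdentityService;

    @Resource
    private PersistentTokenService persistentTokenService;

    /**
     * Loads the {@code admin} user (creating it with every UI privilege if it does not exist) and
     * logs the current request in as that user.
     *
     * <p>No credentials are checked here; see the class-level security notes.
     *
     * @param httpServletRequest request whose remote address and {@code User-Agent} are recorded
     *     on the persistent token
     * @param httpServletResponse response that receives the remember-me cookie
     * @return representation of the {@code admin} user with its privileges and, for an existing
     *     user, its groups
     */
    @Transactional(propagation = Propagation.REQUIRED, rollbackFor = {Exception.class})
    public UserRepresentation initLoginUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        UserRepresentation userRepresentation;
        User user = (User) this.idmIdentityService.createUserQuery().userId(ADMIN_USER_ID).singleResult();
        if (user != null) {
            userRepresentation = new UserRepresentation(user);
            List<Privilege> privileges = this.idmIdentityService.createPrivilegeQuery().userId(ADMIN_USER_ID).list();
            if (!CollectionUtils.isEmpty(privileges)) {
                for (Privilege privilege : privileges) {
                    userRepresentation.getPrivileges().add(privilege.getName());
                }
            }
            List<Group> groups = this.idmIdentityService.createGroupQuery().groupMember(ADMIN_USER_ID).list();
            if (!CollectionUtils.isEmpty(groups)) {
                for (Group group : groups) {
                    userRepresentation.getGroups().add(new GroupRepresentation(group));
                }
            }
        } else {
            User newUser = this.idmIdentityService.newUser(ADMIN_USER_ID);
            newUser.setFirstName("Hz");
            newUser.setLastName("Administrator");
            newUser.setDisplayName("Administrator");
            newUser.setEmail("admin@flowable.org");
            // SECURITY(review): hard-coded, guessable password on a fully privileged account.
            // Kept as-is for compatibility; supply it from configuration or a secret store and
            // rotate the credential on systems where this branch has already run.
            newUser.setPassword("test");
            this.idmIdentityService.saveUser(newUser);
            List<String> privilegeNames = Arrays.asList("access-idm", "access-admin", "access-modeler", "access-task", "access-rest-api");
            for (String privilegeName : privilegeNames) {
                this.idmIdentityService.addUserPrivilegeMapping(this.idmIdentityService.createPrivilege(privilegeName).getId(), newUser.getId());
            }
            userRepresentation = new UserRepresentation(newUser);
            userRepresentation.setPrivileges(privilegeNames);
        }
        login(userRepresentation, httpServletRequest, httpServletResponse);
        return userRepresentation;
    }

    /**
     * Creates a persistent token for the given user, writes it to the response as a cookie and
     * installs a {@link RememberMeAuthenticationToken} in the current security context.
     *
     * @param userRepresentation user to log in; its privileges become the granted authorities
     * @param httpServletRequest request supplying the remote address and {@code User-Agent}
     * @param httpServletResponse response that receives the cookie
     */
    protected void login(UserRepresentation userRepresentation, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Declared as RemoteUser (not the User interface) because the setters and getters used
        // below are called on the concrete type.
        RemoteUser remoteUser = new RemoteUser();
        remoteUser.setId(userRepresentation.getId());
        remoteUser.setFirstName(userRepresentation.getFirstName());
        remoteUser.setLastName(userRepresentation.getLastName());
        remoteUser.setFullName(userRepresentation.getFullName());
        // NOTE(review): the display name is filled from the last name; confirm this is intended.
        remoteUser.setDisplayName(userRepresentation.getLastName());
        remoteUser.setEmail(userRepresentation.getEmail());
        remoteUser.setTenantId(userRepresentation.getTenantId());
        remoteUser.setPrivileges(userRepresentation.getPrivileges());

        List<GroupRepresentation> groups = userRepresentation.getGroups();
        List<RemoteGroup> remoteGroups = new ArrayList<>(groups.size());
        for (GroupRepresentation groupRepresentation : groups) {
            RemoteGroup remoteGroup = new RemoteGroup();
            remoteGroup.setId(groupRepresentation.getId());
            remoteGroup.setName(groupRepresentation.getName());
            remoteGroup.setType(groupRepresentation.getType());
            remoteGroups.add(remoteGroup);
        }
        remoteUser.setGroups(remoteGroups);

        Token createToken = this.persistentTokenService.createToken(remoteUser, httpServletRequest.getRemoteAddr(), httpServletRequest.getHeader("User-Agent"));
        addCookie(createToken, httpServletRequest, httpServletResponse);

        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        for (String privilege : remoteUser.getPrivileges()) {
            authorities.add(new SimpleGrantedAuthority(privilege));
        }
        FlowableAppUser flowableAppUser = new FlowableAppUser(remoteUser, remoteUser.getId(), authorities);
        SecurityContextHolder.getContext().setAuthentication(new RememberMeAuthenticationToken(createToken.getId(), flowableAppUser, flowableAppUser.getAuthorities()));
        // Message reads: "flowable current operating user {} logged in successfully...".
        logger.info("flowable当前操作用户 {} 登录成功...", userRepresentation.getId());
    }

    /**
     * Writes the token's id and value to the response as the remember-me cookie.
     *
     * @param token persistent token to expose to the browser
     * @param httpServletRequest current request, used to decide the {@code Secure} flag
     * @param httpServletResponse response that receives the cookie
     */
    protected void addCookie(Token token, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setCookie(new String[]{token.getId(), token.getTokenValue()}, httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the {@code FLOWABLE_REMEMBER_ME} cookie from the given parts and adds it to the
     * response with a 31-day lifetime on path {@code /}.
     *
     * @param strArr cookie parts, encoded with {@link #encodeCookie(String[])}
     * @param httpServletRequest current request, used to decide the {@code Secure} flag
     * @param httpServletResponse response that receives the cookie
     */
    protected void setCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(REMEMBER_ME_COOKIE, encodeCookie(strArr));
        cookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        cookie.setPath("/");
        // SECURITY(review): X-Forwarded-Proto is a request header. It is only reliable when a
        // trusted proxy sets it on every request; if the proxy terminates TLS and omits the
        // header, the cookie is issued without the Secure flag.
        String forwardedProto = httpServletRequest.getHeader("X-Forwarded-Proto");
        cookie.setSecure("https".equals(forwardedProto) || httpServletRequest.isSecure());
        // setHttpOnly is looked up reflectively so the class still loads on pre-3.0 servlet APIs.
        Method setHttpOnly = ReflectionUtils.findMethod(Cookie.class, "setHttpOnly", new Class[]{Boolean.TYPE});
        if (setHttpOnly != null) {
            ReflectionUtils.invokeMethod(setHttpOnly, cookie, new Object[]{Boolean.TRUE});
        } else {
            // Logged at WARN: a login token readable from script should not go unnoticed.
            logger.warn("Note: Cookie will not be marked as HttpOnly because you are not using Servlet 3.0 (Cookie#setHttpOnly(boolean) was not found).");
        }
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Encodes cookie parts as {@code base64(urlencode(p0) ":" urlencode(p1) ...)} with the
     * trailing {@code =} padding removed.
     *
     * @param strArr parts to encode; an empty array yields an empty string
     * @return the unpadded Base64 cookie value
     * @throws IllegalStateException if the JVM reports UTF-8 as unsupported (not expected)
     */
    protected String encodeCookie(String[] strArr) {
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < strArr.length; i++) {
            if (i > 0) {
                joined.append(':');
            }
            try {
                joined.append(URLEncoder.encode(strArr[i], StandardCharsets.UTF_8.toString()));
            } catch (UnsupportedEncodingException e) {
                // Fail loudly instead of silently dropping a token part from the cookie.
                throw new IllegalStateException("UTF-8 encoding is not available", e);
            }
        }
        // withoutPadding() replaces the manual '=' stripping, which indexed position -1 and threw
        // on an empty input; the explicit charset keeps the bytes independent of the platform
        // default.
        return Base64.getEncoder().withoutPadding().encodeToString(joined.toString().getBytes(StandardCharsets.UTF_8));
    }
}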
